CVE-2025-43708

Name of the Vulnerable Software and Affected Versions VisiCut version 2.1

Description The issue is related to insecure deserialization, where VisiCut 2.1 allows stack consumption via an XML document with nested set elements. This can be demonstrated by a java.util.HashMap StackOverflowError when the reference variable is set to '../../../set/set[2]'.

Recommendations For VisiCut version 2.1, consider restricting the use of nested set elements in XML documents to minimize the risk of stack consumption until a patch is available. Avoid using the reference variable with values that could lead to nested set elements, such as '../../../set/set[2]', in XML documents until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.